If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Details:
========
The BlackICE Agent setup contains the parameter
"restart.whenSuspend", which should be enabled by default. This,
however, is not always the case, and as a result the firewall
might not reactivate after a system standby. The BlackICE Agent
would still give all the appearences of being active, but the
filter function would not be in effect, and network communication
would be possible to the same extent as if the software wasn't
installed.

Vendor response:
================
The vendor was notified on the 15th of March, 2002. The issue was
assigned case number 526997. On the 18th of March, we received a
workaround that seemingly solved the issue. On the 6th of June, 2002
the vendor informed us that the issue had been corrected in the
latest build.

BlackICE always used to actively block perceived intrusion attempts in to a machine... so well, in fact, on certain boxes it could completely shut down an interface, allowing no traffic in or out of the box. LOL

One of its (other) early problems was that you couldn't ever get it out of promiscuous mode (ie. cable modem folks were screwed, as the thing would continually alarm about weird connections in to their neighbor's machine).

\"Windows has detected that a gnat has farted in the general vicinity. You must reboot for changes to take affect. Reboot now?\"

Originally posted here by hogfly Since when did black ice do anything other than detect intrusion attempts ?

After much ado they finally added intrusion blocking. It's still not a half bad IDS, on the other hand, it's not that great of a firewall. Not just because of this issue but like other products it does crash 'open'.

Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
- Samuel Johnson

I have a question:I keep getting *attacks* from myself(I'm on a dialup connection):TCP PORT SCANS and SYN FLOODS.How do I get BlackIce to stfu without telling it to trust myself and wtf is causing this?

draziw: haha thats exactly why I tried it, and tossed it out...... when realplayer from someone on the roadrunner network sets off your firewall with its perceived 'UDP probe" the product is ****.

It never was that great a firewall, and still isn't IMO. it did have that lovely feature that plays sounds when something set it off though... hell we replaced the .wav with a "DIVE DIVE DIVE" alarm sound........might as well pretend that it was actually doing something.....

it did do a good job of alerting you to attempts...I will give it that.. I wouldn't trust it to protect my system though....not ever

hrm for the $40 bucks it costs(not sure if that is still accurate)...you could pick up an old 486 and run IPF/PF........ or atleast use tiny personal firewall.....atleast that has rule management

Antionline in a nutshell
\"You\'re putting the fate of the world in the hands of a bunch of idiots I wouldn\'t trust with a potato gun\"

Originally posted here by VicTT I have a question:I keep getting *attacks* from myself(I'm on a dialup connection):TCP PORT SCANS and SYN FLOODS.How do I get BlackIce to stfu without telling it to trust myself and wtf is causing this?

You'd have to post either you log (in CSV) or your evidence/sniffer files (*.enc I think) here, I think, for anyone to give you a straight answer... and your IP at the time of the files would help, too.

As I've said... BlackICE likes to run in promiscuous mode, even if you try to tell it not to... (though if they're coming from you???) Like I said... not much we can say without a little bit of documentation.

\"Windows has detected that a gnat has farted in the general vicinity. You must reboot for changes to take affect. Reboot now?\"

Originally posted here by hogfly draziw: haha thats exactly why I tried it, and tossed it out...... when realplayer from someone on the roadrunner network sets off your firewall with its perceived 'UDP probe" the product is ****.

It never was that great a firewall, and still isn't IMO. it did have that lovely feature that plays sounds when something set it off though... hell we replaced the .wav with a "DIVE DIVE DIVE" alarm sound........might as well pretend that it was actually doing something.....

it did do a good job of alerting you to attempts...I will give it that.. I wouldn't trust it to protect my system though....not ever

hrm for the $40 bucks it costs(not sure if that is still accurate)...you could pick up an old 486 and run IPF/PF........ or atleast use tiny personal firewall.....atleast that has rule management

I agree with you... I had the pleasure (?) of working with these folks in their early attempts are piecing together a widely deployed, "smart" firewall. With all the problems we had with certain name brand cards mysteriously having problems with BlackICE, to the thing reporting "probes" because it was in promiscuous mode and b*tching about someone else's legitimate multicast session or DNS lookup... *sigh* Not fun...

We also had a few times where it reported an event, but didn't block anything (even when we were actually attacking the box so as to test the thing).

Think I probably still have a few flames saved from their CTO or whatever, too, addressed to me from that time in my life... (though you would think they would be a bit nicer to potential large customers)

\"Windows has detected that a gnat has farted in the general vicinity. You must reboot for changes to take affect. Reboot now?\"

doesn't blackice only stop incoming 'attacks'
i read a report from a rep from blackice team that said it doesn't block/monitor any traffic initiated by the user...so according to blackice, any servers run by you, were meant to be run...which is not always the case.

Hmm...theres something a little peculiar here. Oh i see what it is! the sentence is talking about itself! do you see that? what do you mean? sentences can\'t talk! No, but they REFER to things, and this one refers directly-unambigeously-unmistakably-to the very sentence which it is!